Uploaded image for project: 'WildFly'
  1. WildFly
  2. WFLY-8847

SPNEGOLoginModuleTestCase#testIdentityPropagation fails with IBM on some machines

    XMLWordPrintable

    Details

    • Steps to Reproduce:
      Hide

      1. find name of your interface

      ip -4 addr

      2. retgister 2 virtual IP addresses

      sudo ifconfig enp0s25:0 192.168.1.16    
      sudo ifconfig enp0s25:1 192.168.1.17
      

      3. Configure IBM java on path
      4. Run testsuite with second virtual address

      ./integration-tests.sh -Dmaven.test.failure.ignore=true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile=false -Dnode0=192.168.1.17
      Show
      1. find name of your interface ip -4 addr 2. retgister 2 virtual IP addresses sudo ifconfig enp0s25:0 192.168.1.16 sudo ifconfig enp0s25:1 192.168.1.17 3. Configure IBM java on path 4. Run testsuite with second virtual address ./integration-tests.sh -Dmaven.test.failure.ignore= true -fae -Dts.noSmoke -Dts.basic -Dtest=SPNEGOLoginModuleTestCase -DtestLogToFile= false -Dnode0=192.168.1.17

      Description

      IBM java sends address in delegated kerberos ticket. ApacheDS includes this address into ticket and check that address with address of client (taken from connection). On some machines, these addresses doesn't match.

      Those are machines when there are several virtual IPs and if node0 is set to non-first IP address, ApacheDS address check fails.

      See details in https://issues.apache.org/jira/browse/DIRSERVER-2156

      �[31m15:14:11,302 ERROR [io.undertow.request] (default task-32) UT005023: Exception handling request to /f1eb2aa6-5139-4bce-bad8-ad9a49d3912f/protected/PropagateIdentityServlet: javax.servlet.ServletException: Propagation failed.
      	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:87)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:687)
      	at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
      	at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:85)
      	at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
      	at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
      	at org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:131)
      	at io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
      	at io.undertow.server.handlers.DisableCacheHandler.handleRequest(DisableCacheHandler.java:33)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:51)
      	at io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
      	at io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
      	at io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:56)
      	at io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
      	at io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
      	at io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
      	at io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
      	at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:285)
      	at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:264)
      	at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:81)
      	at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:175)
      	at io.undertow.server.Connectors.executeRootHandler(Connectors.java:202)
      	at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:792)
      	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1153)
      	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
      	at java.lang.Thread.run(Thread.java:785)
      Caused by: org.ietf.jgss.GSSException, major code: 11, minor code: 0
      	major string: General failure, unspecified at GSSAPI level
      	minor string: Error: java.lang.Exception: Error: com.ibm.security.krb5.KrbException, status code: 38
      	message: Incorrect net address
      	at com.ibm.security.jgss.i18n.I18NException.throwGSSException(I18NException.java:33)
      	at com.ibm.security.jgss.mech.krb5.g.a(g.java:23)
      	at com.ibm.security.jgss.mech.krb5.g.initSecContext(g.java:814)
      	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:337)
      	at com.ibm.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:437)
      	at org.jboss.eapqe.krbldap.utils.krb.GSSTestClient.getName(GSSTestClient.java:100)
      	at org.jboss.eapqe.krbldap.eap.deployments.servlets.PropagateIdentityServlet.doGet(PropagateIdentityServlet.java:85)
      	... 32 more
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mchoma Martin Choma
              Reporter:
              mchoma Martin Choma
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: